GAO: DHS has 'major tasks' to do in cybersecurity

Related Links

A new Government Accountability Office report recognizes the efforts the Homeland Security Department has made to strengthen its responsibilities for enhancing the cybersecurity of critical infrastructures. But GAO said major tasks remain to be done.

The report was included as testimony by David Powner, director of information technology management issues at GAO, when he appeared before the House Homeland Security Committee’s Economic Security, Infrastructure Protection and Cybersecurity Subcommittee Sept. 13.

In its report, GAO states that in 2005 DHS had pinpointed 13 key cybersecurity responsibilities without fully addressing any of them. For example, DHS established forums to foster information sharing among federal and law enforcement officials “but had not developed national threat and vulnerability assessments for cybersecurity.”

GAO acknowledged that some progress has been made since then in all 13 categories, including DHS’ release of a National Infrastructure Protection Plan, but the department still has not completed any of them.

GAO said DHS’ initiatives this year to develop an integrated public/private plan for Internet recovery were not complete or comprehensive. Moreover, many of the efforts of the working groups DHS established to facilitate coordination and practice responding to cyber events “lacked time frames for completion, and the relationships among its various initiatives were not evident.”

GAO also took note of the number of senior DHS cybersecurity officials who have left the department. The newly created position of assistant secretary of cybersecurity and telecommunications has been unfilled for a year.

George Foresman, DHS’ undersecretary for preparedness, told the subcommittee the department has a strong potential candidate for that job and would possibly bring that person forward soon, pending a security clearance.

GAO noted that it has made about 25 recommendations to DHS in the past several years. It has suggested that the department conduct threat and vulnerability assessments and develop a strategic analysis and warning capability for identifying potential cyberattacks.

“Until they are addressed,” the report states, “DHS will have difficulty achieving results as the federal cybersecurity focal point.”

About the Author

David Hubler is the former print managing editor for GCN and senior editor for Washington Technology. He is freelance writer living in Annandale, Va.